|
For most organizations, inbound message volumes (composed primarily of spam email) increased dramatically over 2006 and this trend continues in 2007. This continuing rise in email volume presents a new challenge for organizations. How can they most effectively manage this increased message volume and reduce the impact of massive spam storms without “breaking the bank?” Enterprises have 3 choices in fighting the growing spam volumes.
Increase Computing Capacity
As spam increases, adding computing capacity is one effective option. Adding more servers to the spam filter cluster provides organizations with added horsepower. For example, if spam volumes double, then capacity can easily be doubled by adding another server or two. A more elegant and powerful solution is to add additional capacity through virtualization. Capacity can be dynamically increased by adding more virtual servers to the spam filter cluster. This is known as “dynamic capacity planning”. Its key added advantage is that it enables organizations to cost effectively deal with massive spam volume increases, as might be the case in a spam storm.
Improve Bandwidth Utilization
The second solution in properly handling volume increases is to improve bandwidth utilization. Two options present themselves. One method is to do the spam filtering in the cloud, that is, off premises. The disadvantage with this approach is that it removes any type of control that an organization’s IT department has over its email. The other method is to make use of connection management solutions. Connection management is a way to achieve the same results—improving bandwidth utilization—while maintaining control of the email infrastructure. This will be discussed in detail in the following section, and is the reason email reputation services have become a popular solution.
A Combination Approach
The ultimately scalable solution that can deal with any set of spam volume increases—today and tomorrow—is one that combines both methods of scalability above. This gives the enterprise a cost effective roadmap for scaling their infrastructure in response to massive increases in spam volumes. This method has evolved as the “best practice” for enterprise scalability. Proofpoint has adopted a combined approach, and presents customers with all options.
Improving Bandwidth Utilization with Connection Management
Connection management is an effective technique for managing spam volumes. Connection management refers to the set of techniques that allow a system to make decisions on an incoming email message at the connection level.
First, let’s discuss the meaning of a connection. An email sent over the SMTP protocol is composed of 3 components: the envelope, the header, and the body of the message. When an email is sent, the sending SMTP server opens up a connection to the receiving server, before it begins transmission of the envelope, headers, and body. During the connection phase, the only information that is exchanged is the IP address of the sending server (along with some other setup information). Once the receiving server acknowledges the sending IP address, the connection is established, and the sending server can send the actual email message. Note that more than one message can be sent in a single connection. For example, a connection could be established that then proceeds to send five messages in succession.
A good metaphor that can help illustrate connections follows. Consider two large cargo ships entering the Port of Oakland. The first ship’s origin is from North Korea. The second ship’s origin is from the United Kingdom. Each cargo ship is holding many containers filled with goods. Think of the ship as the connection and the containers as email messages. Now, a customs official in Oakland greets the first ship from North Korea. He looks at the port of origin. It is from North Korea. He refuses the ship entry to the US, knowing the port of origin is on the US “ban” list. The customs official does not waste valuable resources investigating and searching through the containers for contraband or illegal items. The customs official then greets the second ship. Looking at the port of origin, he learns it is from the UK, a US trading partner. He then launches an investigation into the contents of each container, ensuring that there are no malicious goods contained within.
|
